<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>认证授权服务文档</title>
    <style>
        body {
            padding-left: 5rem;
            font-size: 1.5rem;
        }

        td, tr {
            width: 23rem;
            font-size: 1.3rem;
            text-align: left;
        }
    </style>
</head>
<body>
<h1>OAuth 2.0 认证授权协议，实现</h1>
<p>oauth2-common : 通用工具类，如：异常，枚举类型，OAuth2Token，SecurityUtils，验证码</p>
<p>oauth2-server : OAuth 2.0授权服务端，实现了：客户端模式，密码模式，手机短信验证码模式</p>
<p>oauth2-client : OAuth 2.0授权客户端，在其他应用中集成，即可轻松接入铭灏授权平台</p>
<p>oauth2-client-test : 测试OAuth 2.0授权客户端</p>
<p>&nbsp;</p>
<h2>1.导入数据库，最好是 MySQL 8.0 </h2>
<h2>2.修改 [ oauth2-server ] application-dev.yml 中的 数据库连接地址，和 redis 连接地址</h2>
<h2>3.在IntelliJ IDEA中，可以 使用 REST Client 调用，测试接口</h2>
<p><img src="/img/3.png" referrerpolicy="no-referrer"></p>
<p>&nbsp;</p>
<h3>可用客户端列表</h3>
<figure>
    <table>
        <thead>
        <tr>
            <th>clientId</th>
            <th>secret</th>
            <th>name</th>
            <th>grant_types</th>
        </tr>
        </thead>
        <tbody>
        <tr>
            <td>7KutwpFgFXv0hcvkBO</td>
            <td>7KutwpFgFXv0hcvkBO</td>
            <td>商户管理后台</td>
            <td>[&quot;we_chat&quot;,&quot;password&quot;,&quot;tencent_qq&quot;,&quot;sms&quot;]</td>
        </tr>
        <tr>
            <td>nssbTtp5FO6NjZpUwP</td>
            <td>nssbTtp5FO6NjZpUwP</td>
            <td>vue.js 总部管理后台</td>
            <td>[&quot;*&quot;]</td>
        </tr>
        <tr>
            <td>VIUvXZmVXmOFh1gYWK</td>
            <td>VIUvXZmVXmOFh1gYWK</td>
            <td>华为IOT园区项目组,API</td>
            <td>[&quot;client_credentials&quot;]</td>
        </tr>
        </tbody>
    </table>
</figure>
<p>grant_types: 参数解释</p>
<p>&quot; * &quot; : 表示全部</p>
<p>we_chat： 微信授权登录</p>
<p>tencent_qq： 腾讯QQ授权登录</p>
<p>password： 密码模式授权登录</p>
<p>sms： 短信验证码授权登录</p>
<p>&nbsp;</p>
<h3>可用 用户列表</h3>
<figure>
    <table>
        <thead>
        <tr>
            <th>username</th>
            <th>password</th>
            <th>mobile</th>
            <th>email</th>
            <th>nickname</th>
        </tr>
        </thead>
        <tbody>
        <tr>
            <td>admin</td>
            <td>admin</td>
            <td>15071525233</td>
            <td><a href='mailto:3548794@qq.com' target='_blank' class='url'>3548794@qq.com</a></td>
            <td>管理员</td>
        </tr>
        <tr>
            <td>test</td>
            <td>test</td>
            <td>15076549849</td>
            <td><a href='mailto:57487484@qq.com' target='_blank' class='url'>57487484@qq.com</a></td>
            <td>测试</td>
        </tr>
        <tr>
            <td>doudou</td>
            <td>doudou</td>
            <td>15076549869</td>
            <td><a href='mailto:15076549869@qq.com' target='_blank' class='url'>15076549869@qq.com</a></td>
            <td>王逗逗</td>
        </tr>
        </tbody>
    </table>
</figure>
<p>&nbsp;</p>
<h2>授权码模式</h2>
<h4>1.在浏览器中打开如下地址</h4>
<pre><code>http://localhost:8098/code?responseType=code&amp;clientId=nssbTtp5FO6NjZpUwP&amp;redirectUri=http://www.xaaef.com/getCode&amp;scope=base_user&amp;state=K2KpBc6cF00JkRZPd
</code></pre>
<h4>2.输入用户名和密码， 默认都是： admin</h4>
<p><img src="/img/2.png" referrerpolicy="no-referrer"></p>
<p>&nbsp;</p>
<h4>3.登录成功后，就可以看到浏览器地址栏中的 code 参数</h4>
<p><img src="/img/1.png" referrerpolicy="no-referrer"></p>
<h4>4.通过 code 换 access_token </h4>
<pre><code>POST http://localhost:8098/access_token
Content-Type: application/json

body：
{
    &quot;grant_type&quot;:&quot;authorization_code&quot;,
    &quot;client_id&quot;:&quot;nssbTtp5FO6NjZpUwP&quot;,
    &quot;client_secret&quot;:&quot;nssbTtp5FO6NjZpUwP&quot;,
    &quot;code&quot;:&quot;上一步，中获取的 code &quot;
}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;,
  &quot;data&quot;: {
    &quot;access_token&quot;: &quot;eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOIeqPZhq-EH9RwV10hs9IHrLQ8ctEAhNbkICtEPLROP6pmyc_Q&quot;,
    &quot;token_type&quot;: &quot;Bearer &quot;,
    &quot;expires_in&quot;: 3600,
    &quot;refresh_token&quot;: &quot;eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIxMThlY2NlkwMjUifQ.eNOiBa_gMNbkIChXY-Yn6IqMlzzw&quot;,
    &quot;scope&quot;: &quot;read,write&quot;
  }
}
</code></pre>
<p>&nbsp;</p>
<h4>5.通过上一步获取的 access_token 参数，获取用户信息</h4>
<pre><code>GET http://localhost:8098/loginInfo
Content-Type: application/json
Authorization: Bearer {{access_token}}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;,
  &quot;data&quot;: {
    &quot;tokenId&quot;: &quot;ac44d5f3646f43cda94e72fcb1ddcfe5&quot;,
    &quot;grantType&quot;: &quot;authorization_code&quot;,
    &quot;user&quot;: {
      &quot;userId&quot;: 609429132107067392,
      &quot;avatar&quot;: &quot;https://images.xaaef.com/b9a7abacafd747bbb74cf7cb3de36c1e.png&quot;,
      &quot;username&quot;: &quot;admin&quot;,
      &quot;mobile&quot;: &quot;15071525233&quot;,
      &quot;email&quot;: &quot;3548794@qq.com&quot;,
      &quot;nickname&quot;: &quot;管理员&quot;,
      &quot;gender&quot;: 1,
      &quot;birthday&quot;: &quot;1995-08-17&quot;,
      &quot;status&quot;: 2,
      &quot;adminFlag&quot;: 1
    },
    &quot;client&quot;: {
      &quot;clientId&quot;: &quot;7KutwpFgFXv0hcvkBO&quot;,
      &quot;name&quot;: &quot;商户管理后台&quot;,
      &quot;logo&quot;: &quot;dwa&quot;,
      &quot;description&quot;: &quot;多商户管理后台&quot;,
      &quot;clientType&quot;: 1,
      &quot;grantTypes&quot;: [
        &quot;*&quot;
      ],
      &quot;domainName&quot;: &quot;www.xaaef.com&quot;,
      &quot;scope&quot;: &quot;read,write&quot;
    }
  }
}
</code></pre>
<p>&nbsp;</p>
<h2>密码模式</h2>
<pre><code>POST http://localhost:8098/password
Content-Type: application/json

body：
{
  &quot;username&quot;: &quot;admin&quot;,
  &quot;password&quot;: &quot;admin&quot;,
  &quot;grant_type&quot;: &quot;password&quot;,
  &quot;client_id&quot;: &quot;7KutwpFgFXv0hcvkBO&quot;,
  &quot;client_secret&quot;: &quot;7KutwpFgFXv0hcvkBO&quot;
}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;,
  &quot;data&quot;: {
    &quot;access_token&quot;: &quot;eyJhbGciOiJIUdGkiOMNWklfskZwzUxMiJ9.eyJqdGkiOMNWklfskZw-Z6lEzJqHVOpr5-g&quot;,
    &quot;token_type&quot;: &quot;Bearer &quot;,
    &quot;expires_in&quot;: 3600,
    &quot;refresh_token&quot;: &quot;eyJhbGciOiJIiOiJIUzUzUxMiJ9.eyJqdGkiOiIiOiJIUz2YjYwZDM5ZGzAKZflB2z_79n-Q&quot;,
    &quot;scope&quot;: &quot;read,write&quot;
  }
}
</code></pre>
<p>&nbsp;</p>
<h2>客户端模式</h2>
<pre><code>POST http://localhost:8098/client
Content-Type: application/json

body：
{
  &quot;scope&quot;: &quot;read&quot;,
  &quot;grant_type&quot;: &quot;client_credentials&quot;,
  &quot;client_id&quot;: &quot;VIUvXZmVXmOFh1gYWK&quot;,
  &quot;client_secret&quot;: &quot;VIUvXZmVXmOFh1gYWK&quot;
}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;,
  &quot;data&quot;: {
    &quot;access_token&quot;: &quot;eyJhbGciOiJIUdGkiOMNWklfskZwzUxMiJ9.eyJqdGkiOMNWklfskZw-Z6lEzJqHVOpr5-g&quot;,
    &quot;token_type&quot;: &quot;Bearer &quot;,
    &quot;expires_in&quot;: 3600,
    &quot;refresh_token&quot;: &quot;eyJhbGciOiJIiOiJIUzUzUxMiJ9.eyJqdGkiOiIiOiJIUz2YjYwZDM5ZGzAKZflB2z_79n-Q&quot;,
    &quot;scope&quot;: &quot;read,write&quot;
  }
}
</code></pre>
<p>&nbsp;</p>
<h2>短信验证码模式</h2>
<pre><code>### 发送短信 验证码
POST http://localhost:8098/sms/send
Content-Type: application/json

body：
{
  &quot;client_id&quot;: &quot;nssbTtp5FO6NjZpUwP&quot;,
  &quot;mobile&quot;: &quot;15071525233&quot;
}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;
}


### 短信验证码 模式登录
POST http://localhost:8098/sms
Content-Type: application/json

body：
{
  &quot;mobile&quot;: &quot;15071525233&quot;,
  &quot;code&quot;: &quot;1168&quot;,
  &quot;grant_type&quot;: &quot;sms&quot;,
  &quot;client_id&quot;: &quot;nssbTtp5FO6NjZpUwP&quot;,
  &quot;client_secret&quot;: &quot;nssbTtp5FO6NjZpUwP&quot;
}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;,
  &quot;data&quot;: {
    &quot;access_token&quot;: &quot;eyJhbGciOiJIUdGkiOMNWklfskZwzUxMiJ9.eyJqdGkiOMNWklfskZw-Z6lEzJqHVOpr5-g&quot;,
    &quot;token_type&quot;: &quot;Bearer &quot;,
    &quot;expires_in&quot;: 3600,
    &quot;refresh_token&quot;: &quot;eyJhbGciOiJIiOiJIUzUzUxMiJ9.eyJqdGkiOiIiOiJIUz2YjYwZDM5ZGzAKZflB2z_79n-Q&quot;,
    &quot;scope&quot;: &quot;read,write&quot;
  }
}
</code></pre>
<p>&nbsp;</p>
<h2>获取登录用户信息</h2>
<pre><code>### 获取登录的用户信息
GET http://localhost:8098/loginInfo
Content-Type: application/json
Authorization: Bearer {{tokenValue}}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;,
  &quot;data&quot;: {
    &quot;tokenId&quot;: &quot;ac44d5f3646f43cda94e72fcb1ddcfe5&quot;,
    &quot;grantType&quot;: &quot;password&quot;,
    &quot;user&quot;: {
      &quot;userId&quot;: 609429132107067392,
      &quot;avatar&quot;: &quot;https://images.xaaef.com/b9a7abacafd747bbb74cf7cb3de36c1e.png&quot;,
      &quot;username&quot;: &quot;admin&quot;,
      &quot;mobile&quot;: &quot;15071525233&quot;,
      &quot;email&quot;: &quot;3548794@qq.com&quot;,
      &quot;nickname&quot;: &quot;管理员&quot;,
      &quot;gender&quot;: 1,
      &quot;birthday&quot;: &quot;1995-08-17&quot;,
      &quot;status&quot;: 2,
      &quot;adminFlag&quot;: 1
    },
    &quot;client&quot;: {
      &quot;clientId&quot;: &quot;7KutwpFgFXv0hcvkBO&quot;,
      &quot;name&quot;: &quot;商户管理后台&quot;,
      &quot;logo&quot;: &quot;dwa&quot;,
      &quot;description&quot;: &quot;多商户管理后台&quot;,
      &quot;clientType&quot;: 1,
      &quot;grantTypes&quot;: [
        &quot;we_chat&quot;,
        &quot;password&quot;,
        &quot;tencent_qq&quot;,
        &quot;sms&quot;
      ],
      &quot;domainName&quot;: &quot;www.mhtled.com&quot;,
      &quot;scope&quot;: &quot;read,write&quot;
    }
  }
}
</code></pre>
<p>&nbsp;</p>
<h2>刷新 token</h2>
<pre><code>### 刷新 token
POST http://localhost:8098/refresh
Content-Type: application/json
RefreshToken: Bearer {{refreshToken}}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;,
  &quot;data&quot;: {
    &quot;access_token&quot;: &quot;eyJhbGciOiJIUdGkiOMNWklfskZwzUxMiJ9.eyJqdGkiOMNWklfskZw-Z6lEzJqHVOpr5-g&quot;,
    &quot;token_type&quot;: &quot;Bearer &quot;,
    &quot;expires_in&quot;: 3600,
    &quot;refresh_token&quot;: &quot;eyJhbGciOiJIiOiJIUzUzUxMiJ9.eyJqdGkiOiIiOiJIUz2YjYwZDM5ZGzAKZflB2z_79n-Q&quot;,
    &quot;scope&quot;: &quot;read,write&quot;
  }
}
</code></pre>
<p>&nbsp;</p>
<h2>退出登录</h2>
<pre><code>### 退出登录
POST http://localhost:8098/logout
Content-Type: application/json
Authorization: Bearer {{tokenValue}}

response:
{
  &quot;status&quot;: 200,
  &quot;message&quot;: &quot;ok&quot;
}
</code></pre>

</body>
</html>